Re: [v6ops] Deprecating 2002::/16 - 6to4 Historic Status

Mohacsi Janos <mohacsi@niif.hu> Thu, 07 April 2011 08:54 UTC

Date: Thu, 07 Apr 2011 10:56:09 +0200
From: Mohacsi Janos <mohacsi@niif.hu>
X-X-Sender: mohacsi@mignon.ki.iif.hu
To: Dmitry Anipko <Dmitry.Anipko@microsoft.com>
In-Reply-To: <DD1A73D9E9C89144A927C5080F70285A015E3F1E009A@NA-EXMSG-S702.segroup.winse.corp.microsoft.com>
Message-ID: <alpine.BSF.2.00.1104071055230.87087@mignon.ki.iif.hu>
References: <0AB09EDBCD1C484EBE45978D62F3513C3CD8A349@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com> <BANLkTimjZ4SjCPE1xS1erf4_9ZEEharNhA@mail.gmail.com> <BANLkTims5GD5r6NLHayn3JqzDpd8K+u7+g@mail.gmail.com> <BANLkTinGNRmYK6-0Xc-2r5VUgz7smYD+hg@mail.gmail.com> <41E97647-E5FF-4077-ACF5-00C157E40C59@bogus.com> <0AB09EDBCD1C484EBE45978D62F3513C3CD8ABB4@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com> <alpine.LRH.2.02.1104071034280.14313@netcore.fi> <DD1A73D9E9C89144A927C5080F70285A015E3F1E009A@NA-EXMSG-S702.segroup.winse.corp.microsoft.com>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, Carlos Martinez-Cagnazzo <carlos@lacnic.net>, Christopher Palmer <Christopher.Palmer@microsoft.com>
Subject: Re: [v6ops] Deprecating 2002::/16 - 6to4 Historic Status
List-Id: v6ops discussion list <v6ops.ietf.org>

On Thu, 7 Apr 2011, Dmitry Anipko wrote:

> Hi Pekka,
>
>>> When connecting to a dual-stack server with IP addresses 2.2.2.2 and
>>> 2001:db8::1. It will use 6to4 instead of IPv4 through NAT. FAIL.
>>>  2) 6to4 is used if v4 has mismatching scope (private->public)
>
> Windows implementation treats RFC 1918 prefixes as public, specifically 
> due to this reason, so on Windows, in this scenario v4->v4 is preferred 
> over 6to4->native v6.

Same for FreeBSD, OpenBSD and NetBSD.

>
> Thank you,
> Dmitry
> -----Original Message-----
> From: v6ops-bounces@ietf.org [mailto:v6ops-bounces@ietf.org] On Behalf Of Pekka Savola
> Sent: Thursday, April 07, 2011 12:44 AM
> To: Christopher Palmer
> Cc: v6ops@ietf.org; Carlos Martinez-Cagnazzo
> Subject: Re: [v6ops] Deprecating 2002::/16 - 6to4 Historic Status
>
> On Thu, 7 Apr 2011, Christopher Palmer wrote:
>> "A host with a public but natted v4 address will always get hosed by this."
>>
>> A host in that condition will have a broken 6to4 address, but won't experience a degradation in their web experience if they have RFC 3484 implemented.
>>
>> So really this would be the third proposed 6to4 mitigation:
>>
>> 1. Ensuring that IPv4->IPv4 is ranked higher than 6to4->IPv6 in the RFC 3484.
>> 2. Changing default host behavior. (still being debated)
>> 3. Deprecation of the prefix.
>>
>> Given (1) and (2), the operational value of 3 is still lost on me. Is the expectation that ISPs stop routing 6to4 packets? Is this a signal that we don't just hate 6to4, but we super hate it?
>
> This will require an update in the RFC 3484 implementation.  Maybe
> this is what you meant, or maybe not.
>
> Joel is probably referring to this:
>
> http://tools.ietf.org/html/draft-ietf-6man-rfc3484-revise-02#section-2.4
>
> (This issue has a lot of history -- known for some 7-8yrs, see
> http://tools.ietf.org/html/draft-ietf-v6ops-v6onbydefault-03#section-2.1)
>
> If I understand this correctly:
>
> The NAT44ting/6to4 gateway has public IP 1.1.1.1 (WAN)
> It is advertising 2002:0101:0101:0::/64 out on LAN.
> It is doing NAT on LAN.
>
> Hence, hosts behind such gateway have IPv6 address
> 2002:0101:0101:0::EUI64 and 192.168.1.1.
>
> When connecting to a dual-stack server with IP addresses 2.2.2.2 and
> 2001:db8::1.
>
> It will use 6to4 instead of IPv4 through NAT. FAIL.
>
> If the client would have had IP address 1.1.1.2 and
> 2002:0101:0101:0::EUI64, with (current) RFC3484 implementation, it
> would have preferred IPv4 instead of 6to4.
>
> So, there are really two layers of RFC3484 brokenness:
>
>  1) not implemented at all
>  2) 6to4 is used if v4 has mismatching scope (private->public)
>
> -- 
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
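The scope/label interaction Pekka walks through above, as an added example that is not part of the original mail or of any of the implementations mentioned in it. The script below models only the three RFC 3484 destination-selection rules that decide this case (rule 2 "prefer matching scope", rule 5 "prefer matching label", rule 6 "prefer higher precedence") with the default policy table from RFC 3484 section 2.1, and skips the other rules. The `private_v4_is_global` switch is my name for the Windows/BSD behaviour Dmitry and Janos describe (treating RFC 1918 space as global rather than site-local); the addresses are the ones used in the thread, with `2002:101:101::1` standing in for the `2002:0101:0101:0::EUI64` host address.

```python
"""RFC 3484 destination selection, reduced to rules 2, 5 and 6, to show why a
NATted 6to4 host prefers 6to4 over IPv4 under strict RFC 3484 scoping, and why
treating RFC 1918 space as global flips that decision.  Added example; the
function and variable names are illustrative and not from any real stack."""
import ipaddress

# Default policy table, RFC 3484 section 2.1: (prefix, precedence, label).
POLICY_TABLE = [
    (ipaddress.IPv6Network("::1/128"), 50, 0),
    (ipaddress.IPv6Network("::/0"), 40, 1),
    (ipaddress.IPv6Network("2002::/16"), 30, 2),       # 6to4
    (ipaddress.IPv6Network("::/96"), 20, 3),           # IPv4-compatible
    (ipaddress.IPv6Network("::ffff:0:0/96"), 10, 4),   # IPv4-mapped (i.e. IPv4)
]

RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
V4_LINK_LOCAL = ipaddress.IPv4Network("169.254.0.0/16")

SCOPE_LINK, SCOPE_SITE, SCOPE_GLOBAL = 2, 5, 14   # RFC 4291 scope values


def as_v6(addr):
    """RFC 3484 s.3.1: IPv4 addresses are handled as IPv4-mapped IPv6 addresses."""
    a = ipaddress.ip_address(addr)
    return ipaddress.IPv6Address(f"::ffff:{a}") if a.version == 4 else a


def policy(addr):
    """Longest-prefix match in the policy table -> (precedence, label)."""
    a = as_v6(addr)
    _, prec, label = max(((n, p, l) for n, p, l in POLICY_TABLE if a in n),
                         key=lambda t: t[0].prefixlen)
    return prec, label


def scope(addr, private_v4_is_global=False):
    """RFC 3484 s.3.2 scoping; the switch models the Windows/BSD deviation."""
    a = ipaddress.ip_address(addr)
    if a.version == 4:
        if a in V4_LINK_LOCAL:
            return SCOPE_LINK
        if any(a in n for n in RFC1918) and not private_v4_is_global:
            return SCOPE_SITE      # strict RFC 3484: private v4 is site-local
        return SCOPE_GLOBAL
    if a.is_link_local:
        return SCOPE_LINK
    if a.is_site_local:            # fec0::/10, deprecated but still in RFC 3484
        return SCOPE_SITE
    return SCOPE_GLOBAL


def rank_destinations(candidates, private_v4_is_global=False):
    """candidates: [(destination, source the host would use for it), ...].
    Returns destinations best-first, applying rules 2, 5 and 6 in order."""
    def key(pair):
        dst, src = pair
        dprec, dlabel = policy(dst)
        _, slabel = policy(src)
        scope_match = (scope(dst, private_v4_is_global)
                       == scope(src, private_v4_is_global))
        return (scope_match, dlabel == slabel, dprec)
    return [dst for dst, _ in sorted(candidates, key=key, reverse=True)]


SERVER_V4, SERVER_V6 = "2.2.2.2", "2001:db8::1"   # the dual-stack server in the thread


def chosen_path(client_v4, client_v6, private_v4_is_global=False):
    """Which family the client tries first: 'ipv4' or 'ipv6'."""
    ranked = rank_destinations([(SERVER_V4, client_v4), (SERVER_V6, client_v6)],
                               private_v4_is_global)
    return "ipv4" if ipaddress.ip_address(ranked[0]).version == 4 else "ipv6"


if __name__ == "__main__":
    # Host behind a NAT44ting 6to4 gateway whose WAN address is 1.1.1.1.
    natted = ("192.168.1.1", "2002:101:101::1")
    # Same 6to4 prefix, but the host itself holds a public IPv4 address.
    public = ("1.1.1.2", "2002:101:101::1")
    print("NATted host, strict RFC 3484  :", chosen_path(*natted))                            # ipv6
    print("NATted host, RFC1918 as global:", chosen_path(*natted, private_v4_is_global=True))  # ipv4
    print("public host, strict RFC 3484  :", chosen_path(*public))                            # ipv4
```

Under strict scoping the IPv4 pair (2.2.2.2 from 192.168.1.1) loses at rule 2 before rule 5 is ever consulted, so 6to4 wins even though its label mismatches the native destination; once private IPv4 is scored as global, rule 2 ties and rule 5 (matching label 4 for IPv4-mapped, mismatching labels 1 and 2 for native-via-6to4) picks IPv4, which is the ordering Christopher's mitigation (1) asks for.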